Queries for SIG records will cause an assertion error if more than oneSIG RRset is returned. Additionally, an INSIST failure can be triggeredby sending multiple recursive queries if the response to the queryarrives after all the clients looking for the response have left therecursion queue.

Impact======

An attacker having access to a recursive server can crash the server byquerying the SIG records where there are multiple SIG RRsets, or bysending many recursive queries in a short time. The exposure can belowered by restricting the clients that can ask for recursion. Anattacker can also crash an authoritative server serving a DNSSEC zonein which there are multiple SIG RRsets.

This GLSA and any updates to it are available for viewing atthe Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200609-11.xml

Concerns?=========

Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttp://bugs.gentoo.org.